In general, users shouldn't end up on these pages without being logged in; however, if they do, we should redirect them to the login page using the login_required decorator rather than the current behavior (giving a 404.) That would be a better user experience.
While we're at it, we should add tests that verify this behavior, and ensure that all the user views behave this way.
In general, users shouldn't end up on these pages without being logged in; however, if they do, we should redirect them to the login page using the login_required decorator rather than the current behavior (giving a 404.) That would be a better user experience.
While we're at it, we should add tests that verify this behavior, and ensure that all the user views behave this way.